XenForo 1.2 now has a new collection of permissions to control what your users can put in their signatures. For performance reasons, these restrictions are only checked when a user tries to change their signature. It will not invalidate existing signatures. The easiest thing to do is to simply show the permissions that can be set: For user friendliness, if a user tries to use a BB code tag that they don't have permission to use, it will simply be stripped out. For other errors (too many images, too long, etc), the user will receive an error.